Digital life worth less than USD 50 – Online personal data escaping control

From the Kaspersky Next conference in Barcelona

From phone numbers, through e-mail addresses, workplaces, to credit ratings and birth dates, an alarmingly large amount of information on us is available online. Europeans are slowly losing insight into their own personal data and which companies, state organs or platforms have information about their identity or the identities of their children.

A survey carried out by Kaspersky Lab, in which over 7,000 users from all over Europe took part, shows that the loss of control over personal data is something that most people have to deal with. Online privacy was one of the key topics at the Kaspersky Next conference, held from October 29 through 31 in Barcelona, which brought together cyber security experts, representatives of institutions, NGOs and about a dozen media outlets from the Old Continent, but also from Australia. eKapija was one of them.

Online protection experts are not surprised that personal data have escaped control, seeing how as many as 64% of people do not know about all the places where their personal information is kept on the web. Perhaps even more worrying is the fact that 39% of parents do not know which personal data their children share online. Kaspersky Lab is trying to solve this problem, presenting a beta version of the Privacy Audit service at the event in Barcelona. The service was launched by the company's startup incubator in order to help people regain control of their data. It is specially designed to enable users to learn what information about them is out there in the online world.

– This is a service which allows you as an individual to request information about your personal data stored in certain databases and servers. Practically, you are auditing yourself! Privacy Audit enables you to regain your privacy by browsing various databases through a single step, which would otherwise take you a lot of time to do yourself – said Marco Preuss, Director for Europe of Kaspersky's Global Research and Analysis Team (GReAT), presenting the company's latest tool.

In his interview with eKapija, Preuss points out that one of the main threats to online privacy today is people's awareness, or lack thereof. Users provide a lot of information about themselves online without realizing what a threat to their privacy it can be.

– Many services are still based on collecting and selling data on the behavior of users, who are then presented with various ads. For example, there are free e-mail servers which in fact know everything about you. The same is true of social networks, streaming services and similar services that are free or not too expensive to use, but which collect a lot of data about your behavior and habits, which can then be sold to other entities. It's a global problem, then – Preuss says.

Marco Preuss

When it comes to mobile apps, which often require access to much of the phone's data or functions, our interviewee recommends that users think carefully about which apps they really need. Also, both iOS and Android feature an option for limiting access to certain data, such as photographs or the location – “you do have control, you just need to think about it!”

Marco Preuss emphasizes that people need to protect their own data, because, if they don't, the consequences can be disastrous.

– If your data are stolen, you can lose money, be prosecuted over a debt incurred by somebody else, your reputation can be ruined and you can be accused of a crime somebody else has committed. Your information can be resold, and the money can be used to finance all kinds of criminal activities.

Ilijana Vavan, Managing Director of Kaspersky Lab for Europe, tells eKapija that there are no local cyber threats or specific dangers in certain regions or areas, as we live in a global world, and the internet doesn't have any borders, being “a single large connected world where a lot happens that's good, but also, unfortunately, a lot that's bad”.

– That's why cyber threats in Serbia are the same as in Germany, the USA, or any other country. I believe that we all need to be aware which data we provide and how we expose ourselves to potential criminals, so there's really no difference between local and global dangers. What's more, we have to be aware that, while physical safety can depend on the police or other forms of protection, when you're online, you're on your own and it is only up to you how well protected you are – whether you have an antivirus program installed, or an antispam or antiphishing filter on. This only makes it more complicated.

Infrastructure more jeopardized than individuals

What eKapija's interviewee finds especially worrying are attacks on critical infrastructures. Lately, there have been many more cyber attacks and threats toward the industry and companies than toward individual users, which can cause huge problems.

– If my computer is attacked and someone deletes my data or images, the damage is not so big, and we all have our data backed up in some ways, as well as other means of solving the problem. The damage can be greater when it comes to credit cards, although those can be blocked. But, when a critical infrastructure is attacked, the problem is much bigger!

Ilijana Vavan

She cites as an example the fact that the entire European power distribution network is interconnected and the potential scenario in which an organized hack can switch off half the European network, causing total chaos.

– Traffic lights, computers, all devices, water supply, heating, all would be out of order. This potential scenario is perhaps a little exaggerated, but it's still very realistic and not at all pleasant to consider! Cyber crime has become an industry and is no longer the domain of students who don't take it so seriously, but professionals who make huge amounts of money this way. The “cyber crime industry” is currently evaluated at several trillion dollars, and this money is also used to finance terrorism, drug cartels...

As one of the problems in fighting cyber crime, she cites the fact that there are no borders between cyber criminals, which is not the case with actual states, where there's often mutual mistrust.

– Developed countries establish special cyber security departments within defense ministries increasingly often. The awareness is growing, special units are formed, and investments are made in this sector. There has been a literal switch from conventional arms and warfare to cyber weapons. More and more countries are preparing for cyber attacks and they all have their defense doctrines and procedures in case of attack.

Free services “harvesting” personal data

The Kaspersky Lab survey shows that users care about what happens to their info. As many as 88% worry that their data will be used illegally, and 57% would be distressed to find out that their personal financial data have been hacked. It's also significant to note that only 45% believe that large companies will take care of their data, and only 36% believe that their data are safe on social networks.

Despite this, an alarmingly large number of subjects make beginner's mistakes. For example, a fifth of them do not protect their Wi-Fi network with a password, 31% admit that they've “never updated the security options on the Wi-Fi router”, and 30% do not protect their devices with security software.

Nevena Ruzic

– We have reached the moment when our personality is much more exposed on the web than outside of it, and the reason is that we are naive in believing that online services we use are “free”. Although, as internet users, we should be more aware of where we leave our data, the organizations which process them are obligated to do so in line with legal and ethical norms – Nevena Ruzic, the head of the Sector for Harmonization at the Office of the Commissioner for Information of Public Importance and Personal Data Protection, said at the Kaspersky conference.

In her interview with eKapija, she points out that it is not certain how well known other principles of personal data protection are in Serbia and how much they are taken into consideration, regardless of the fact that the law was passed in 2008 and that the implementation started in 2009.

– The impression is that we are not well familiar with those basic postulates and that we therefore do not implement them, and one of them is – what are data for? It is not rare that someone collects data on us without knowing what to use them for. For example, the law forbids the photocopying of ID cards and passports in hotels, and the Ministry of Internal Affairs is not supposed to do it either. The only exceptions are banks and financial institutions, because of the law on the prevention of money laundering and financing of organized crime.

Hacked profiles increasingly cheaper in the black market

Researchers at Kaspersky's GReAT team have discovered that dark web criminals can sell someone's entire digital life for under USD 50, including the data from profiles stolen from social networks, banking data, remote server access or desktop, even data from popular services such as Uber, Netflix and Spotify, as well as gaming sites, dating apps, and pornography sites which can store credit card information. In the meantime, the price of a hacked account is dropping, with most of them sold at around USD 1, and criminals also offer discounts for larger purchases.

David Jacoby, a senior security researcher at Kaspersky Lab, says that most people between 15 and 35 are registered for over 20 different online services, while using only around 10 regularly, which makes it easier for hackers to remain unnoticed and earn money.

Marco Preuss emphasizes that all users need to be educated and that full education means that children are informed of online protection in school.

– Kaspersky Lab has several specific methods of online privacy protection, such as, for example, VPN filters when browsing, but it's still up to users whether to use them and whether they actively enter data on a website. We certainly plan to invest even more in the development of services which will protect user data, as there are many things we can integrate in our solutions, thereby making them even more functional – Preuss says in his interview with eKapija.